10 Principles of Cybersecurity

By Fita Indah Maulani

In the context of the 4.0 industrial revolution, almost every business is transforming itself by adopting leading technologies and innovative data-driven business models. In this massive wave of digital transformation, companies must also consider the digital security aspect. Here are ten cybersecurity principles.

Principle 1: Think like a Leader

The role of the person in charge of IT in the company has become more strategic, because it affects company security. Every employee also has a vital role in guarding against and preventing the company from being exposed to cyber-attacks.

In this regard, several things need mutual attention, namely:

  • Foster transparency and trust.
  • Develop critical thinking, creativity, and problem-solving skills from the cybersecurity team and across the organization.
  • Understand the business and industry in which Alita’s people work, because cyber threats are unique to each sector; this includes explaining them to management in language that everyone can understand.
  • Align business strategy with company cybersecurity strategy.


Principle 2: Foster Internal and External Partnerships

Those responsible for cybersecurity need to develop a vision, goals, and performance targets together with the board of directors, so that products and solutions that are safe and easy to use are launched at the right time.

Developing cybersecurity in a company is not the task of one person or one department; it is necessary to create a cross-departmental team in a project committee that involves legal, compliance, regulatory, and other related departments.

Apart from that, developing cybersecurity also requires collaboration with outside parties to help accelerate the delivery of a system that is safe and easily adapted.

Principle 3: Build and Train the Power of Cyber Hygiene

The core security principles are an essential basis for building strong cyber hygiene in an organization, as follows:

  • Develop a detailed inventory and configuration system.
  • Develop a strong patching (repair) strategy.
  • Implement strong authentication at all levels of the organization.
  • Secure Active Directory.
  • Enforce data security mechanisms for critical business processes.


Principle 4: Protect Access to Important Assets

Not all user access is created equal. For example, a project engineer does not need access to an organization’s financial data, and a finance manager does not need to access the organization’s production code repository.

There should be a layered access mechanism for privileged users who access important company data or assets. Every layer must be fortified with a different multi-factor authentication mechanism according to the sensitivity of the information.
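As an added illustration (not from the article), the following Python sketch evaluates an access request against a need-to-know role table and a per-tier set of required authentication factors, so a request is denied when the role has no business need, and asked to step up when the asset's tier demands factors the session has not presented. The roles, assets, sensitivity tiers and factor names are constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Sensitivity tiers and the authentication factors each tier requires.
# Tier and factor names are assumptions made for this illustration.
REQUIRED_FACTORS = {
    "internal": {"password"},
    "confidential": {"password", "totp"},
    "restricted": {"password", "totp", "hardware_key"},
}

# Need-to-know: which roles may touch which assets (deny unless listed).
ROLE_ASSETS = {
    "project_engineer": {"prod_code_repo", "ci_logs"},
    "finance_manager": {"financial_data", "payroll"},
}

# Constructed sensitivity classification for each asset.
ASSET_SENSITIVITY = {
    "ci_logs": "internal",
    "prod_code_repo": "confidential",
    "financial_data": "confidential",
    "payroll": "restricted",
}


@dataclass
class Request:
    role: str
    asset: str
    presented_factors: set = field(default_factory=set)


def evaluate(req: Request) -> tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'deny' or 'step_up'."""
    if req.asset not in ASSET_SENSITIVITY:
        return "deny", "unknown asset"
    # Least privilege first: no role entitlement means no access at all,
    # regardless of how strongly the user authenticated.
    if req.asset not in ROLE_ASSETS.get(req.role, set()):
        return "deny", f"role {req.role} has no need-to-know for {req.asset}"
    # Then enforce the factors required by the asset's sensitivity tier.
    needed = REQUIRED_FACTORS[ASSET_SENSITIVITY[req.asset]]
    missing = needed - req.presented_factors
    if missing:
        return "step_up", "missing factors: " + ", ".join(sorted(missing))
    return "allow", "role and factors satisfied"
```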

Principle 5: Protect Your E-mail Domain from Phishing

E-mail is one of the channels every employee uses most during the day, which makes it one of the primary entry points for cyber attacks. WEF data shows that more than 90% of medium-sized companies receive e-mails detected as containing malware.

Reducing the risk of misuse of e-mail can be achieved by implementing the following steps:

  • Train all employees to recognize phishing e-mails, especially managerial levels who have access to sensitive company information.
  • Provide regular information updates, because phishing continues to evolve, including via telephone (vishing) and text messages (smishing).
  • Implement e-mail filters to identify and quarantine spam e-mails, suspicious links, and suspicious e-mail attachments.
  • Use the latest anti-malware software.


Principle 6: Take a Zero Trust Approach to Secure Your Supply Chain

Companies should abandon the belief that perimeter security, achievable with a firewall or anti-virus protection, is sufficient. They need to adopt a zero-trust approach to securing their supply chains by following these steps:

  • Limit access as needed.
  • Check the vendor’s background thoroughly, including the access they have.
  • Renew contracts with existing vendors and add cybersecurity clauses.
  • Bind vendors by contract to security policies and standards.
  • Perform audits on vendors through third parties.
  • Require vendors that process sensitive data to report any cyber attack incident within 72 hours of the incident.


Principle 7: Prevent, Monitor, and Respond to All Cyber Threats

There are three approaches to anticipating the threat of cyber attacks, namely:

  • Prevent. Prevention strategies are fundamental and must continue to evolve along with the development of the digital world. Multi-layered prevention strengthens the company’s protection of its essential assets.
  • Detect. Preventive measures cannot be the only shield against cyberattacks.
  • Respond. Detection is useless without a response from the company when it faces a cyberattack. Each attack must be responded to and traced back to its origin (patient zero) so that an end-to-end solution can be applied, with periodic checks afterward.


Principle 8: Develop and Simulate a Comprehensive Crisis Management Plan

Crisis management is an essential component of any security program in today’s world, where a security incident is a question of when, not if. Many companies focus on preventing and defending against cyberattacks while not focusing enough on preparing an organization-wide crisis management guide.

Principle 9: Develop a Robust Recovery Plan from Cyber Attacks

Follow best practices when developing a cyberattack recovery plan, namely:

  • Define your critical assets.
  • Identify the best recovery solutions.
  • Open communication with regulators related to cybersecurity issues.
  • Review and practice your plan regularly.


Principle 10: Create a Cybersecurity Culture

Follow best practices when developing a cybersecurity culture, namely:

  • Develop user awareness and training tailored to each unit according to user needs.
  • Raise awareness of all employees through ongoing campaigns on the importance of cybersecurity.
  • Impose sanctions on employees and vendors who do not implement cybersecurity measures in accordance with applicable regulations.


Sourced from a World Economic Forum article entitled “The Cybersecurity Guide for Leaders in Today’s Digital World.”